The advancements described herein relate to a network gateway apparatus that adds an encrypted communication function to increase communication security without requiring any network setting changes to the existing network environment.
Technical limitations in TCP/IP networks and the pervasiveness of the Internet have led to many network security issues. For example, internet mail (email) is fundamentally equivalent to a postcard, and if a communication path through which an email is sent is tapped by an unauthorized party, the unauthorized party may easily acquire both the header and content of the email.
Certain conventional methods of securing communications, such as email or web browsing, through encryption require that the application program used for the communication perform the encryption or at least be aware of the encryption. In this case, a problem arises in that different applications that perform encryption may not be compatible with each other. Therefore, encrypted communication may not be possible among these incompatible applications.
Other conventional methods for providing secure network communications, such as IPSec, implement encryption in the network layer rather than in the application layer. Therefore, when IPSec is used, applications do not have to perform the data encryption and need not even be aware that encryption is being performed at the network layer. This reduces the processing overhead of the communication application, and addresses the issue of incompatibility among communication applications. However, IPSec requires user authentication that is separate from the user authentication required by the communication application, so IPSec can be cumbersome to use. In addition, because IPSec encrypts at the network layer, IPSec-encrypted packets may be more difficult to route, and network settings may have to be modified in response. Thus, a need exists for a method of providing secure, encrypted network communications without burdening high-level communication applications with the encryption and without requiring changes to the network environment.